MikroTik: Safe Mode – CLI, WinBox & WebFig
source link: https://www.shellhacks.com/mikrotik-safe-mode-cli-winbox-webfig/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
MikroTik: Safe Mode – CLI, WinBox & WebFig
When setting up a network device, there is always a chance to lose a communication with it due to applying an incorrect configuration.
If you are far away from the device, this can be especially bad 
.
Lucky owners of MikroTik routers can minimize such risks by using a safe mode feature.
From this note you will find out what is the MikroTik safe mode feature, how to use it and how to change the default timeout.
Cool Tip: A default MikroTik firewall config for dummies! Read more →
MikroTik: Safe Mode
Changes made to the MikroTik router after the safe mode is activated, won’t be saved unless you quit the safe mode manually.
If the connection to the router is dropped unexpectedly, any changes that were made in the safe mode will be reverted within 10 minutes, by default.
Change Configuration by Small Chunks! Currently MikroTik keeps a history of up to 100 most recent actions. If more actions are executed while being in the safe mode, the changes couldn’t be automatically undone. The best is to change the configuration by small chunks (enter the safe mode → make a small change → exit the safe mode to empty the action list → enter the safe mode again, and so on).
WinBox/WebFig
To enter the safe mode in a WinBox, hit the Safe Mode button at the top left:
The pressed Safe Mode button means that the MikroTik router is in the safe mode.
To exit the safe mode, unpush the Safe Mode button.
In a WebFig, the safe mode can be enabled or disabled from the menu on the left:
Command-Line Interface
To enter the safe mode in a command-line interface (CLI) of the MikroTik router, press the Ctrl + X keyboard shortcut.
To exit the safe mode and permanently save the changes, press the Ctrl + X keyboard shortcut once again, for example:
[admin@MikroTik] > Ctrl + X [Safe Mode taken] [admin@MikroTik] > <SAFE> /ip firewall filter add action=drop chain=input [admin@MikroTik] > Ctrl + X [Safe Mode released]
If you made a change that caused a disconnection of your session to the router, whatever changes were made in the safe mode, they will be rolled back within 10 minutes, which should let you get back in to the router.
The time to rollback depends on the generic-timeout TCP connection setting:
[admin@MikroTik] > /ip firewall connection tracking print
- sample output -
enabled: auto
tcp-syn-sent-timeout: 5s
tcp-syn-received-timeout: 5s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
tcp-max-retrans-timeout: 5m
tcp-unacked-timeout: 5m
loose-tcp-tracking: yes
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
max-entries: 950272
total-entries: 20
If you want the safe mode to rollback faster, you can temporary decrease the generic-timeout setting, for example, to 1 minute:
[admin@MikroTik] > /ip firewall connection tracking set generic-timeout=00:01:00
Cool Tip: Factory reset of a MikroTik router! Read more →
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK